Privacy Policy
Version 1.0 - Effective April 1, 2026
Kardex is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, with whom we share it, and your rights regarding your personal information.
1. Data Controller Information
Kardex App is the data controller responsible for your personal information collected through the Kardex mobile application. For privacy-related inquiries, contact our Privacy Team at privacy@kardex.app. If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection authority.
2. Information We Collect
We collect the following categories of personal information:
Account Information
Name, email address, password (hashed), account preferences, and profile settings.
Vehicle Information
Make, model, year, VIN, license plate, color, purchase date, mileage, and fuel type.
Maintenance Records
Service history, repair records, oil change logs, tire rotations, inspection results, associated costs, service provider names, and dates.
Fuel and Expense Data
Fuel consumption records, refueling dates and amounts, cost per liter or gallon, station location, and other operating expenses.
User-Generated Content
Photos, documents, notes, and any other content you voluntarily upload.
Device and Technical Data
Device type, operating system version, app version, unique device identifiers, crash reports, IP address, and usage logs.
Payment Data
We do NOT collect or store payment card information. Subscription payments are processed by Apple or Google. We receive only purchase confirmation data such as subscription status and renewal dates.
3. Legal Basis for Processing (GDPR / LFPDPPP)
If you are located in the European Economic Area or Mexico, we process your personal data under the following legal bases: (a) Contract Performance: processing necessary to provide the App and its features; (b) Legitimate Interests: analytics, security monitoring, and fraud prevention; (c) Consent: location data access, marketing communications, and non-essential analytics (you may withdraw consent at any time without affecting prior processing); (d) Legal Obligation: compliance with applicable law, including data retention requirements.
4. How We Use Your Information
- Provide, operate, and maintain the App and all its features
- Generate AI-powered vehicle health assessments and maintenance recommendations
- Create certified vehicle history reports (PDF)
- Send maintenance reminders, service alerts, and push notifications with your consent
- Process and manage your subscription and account
- Analyze usage patterns to improve app performance and features
- Detect, investigate, and prevent fraudulent or unauthorized activity
- Comply with legal obligations and enforce our Terms
- Train and improve our AI models using aggregated, anonymized data
You may opt out of contributing anonymized data to AI model improvement at any time by contacting us at privacy@kardex.app.
5. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:
- Service Providers: Trusted third-party providers for cloud storage, analytics, push notifications, and customer support. These providers process data only on our behalf, under strict data processing agreements.
- Store Platforms: Apple App Store and Google Play Store process subscription payments. Their use of your data is governed by their respective privacy policies.
- Legal Requirements: We may disclose your information to law enforcement or government authorities when required by applicable law, regulation, or enforceable governmental request.
- Business Transfers: If Kardex undergoes a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you before your data is transferred and becomes subject to a different privacy policy.
- With Your Consent: We may share your information with third parties if you have provided explicit consent for a specific purpose beyond those described here.
- AI Processing Providers: We use third-party AI services, which may include providers such as Google AI (Gemini), to process vehicle data and chat messages for the purpose of generating health assessments, maintenance recommendations, and AI-assisted features. These providers process data on our behalf under strict data processing agreements that provide the same or equal protection of user data as stated in this privacy policy. Personal data is transmitted only when you explicitly use AI-powered features and only the minimum data necessary is shared. Your data is not used by these providers to train their AI models.
We never share individual vehicle data, maintenance records, or expense logs with third parties for marketing or advertising purposes.
6. Data Retention
We retain your personal data for as long as your account is active or as necessary to provide the Service. Specifically: account information is retained until you delete your account; vehicle and maintenance records are retained as long as you maintain an active account; anonymized analytics data may be retained indefinitely; legal and financial records may be retained for up to 7 years to comply with applicable laws. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
7. Tracking & Analytics Technologies
Kardex does not use cookies, browser tracking technologies, or cross-app tracking identifiers. We do not use Apple's IDFA (Identifier for Advertisers) or any advertising network. We do not track you across other companies' apps or websites, and we do not use your data for targeted advertising. We use the following analytics and monitoring technologies solely to operate and improve the app: (a) PostHog for in-app product analytics — events such as screen views, feature usage, and subscription actions are collected and linked to your user account to improve the app experience; (b) Sentry for crash reporting and error monitoring — error reports may include your user ID, email, device information, and app state at the time of the error. Both services process data on our behalf under data processing agreements. You may request deletion of your analytics data by contacting privacy@kardex.app.
8. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your account and associated data via Settings > Account > Delete Account
- Right to Restriction: Request that we limit processing of your data in certain circumstances
- Right to Data Portability: Request your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for location access or marketing emails at any time
- ARCO Rights (Mexico / LFPDPPP): Rights of Access, Rectification, Cancellation, and Objection over your personal data
To exercise any of these rights, contact us at privacy@kardex.app or use the App Settings. We will respond to verified requests within 30 days.
9. Children's Privacy
The App is not directed to or intended for use by children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children under these ages. If we discover that we have inadvertently collected personal information from a child, we will immediately delete it. If you believe we may have collected information from a child, please contact us at privacy@kardex.app.
10. Security Measures
We implement industry-standard technical and organizational security measures including: encryption of data in transit using TLS 1.2 or higher; encryption of sensitive data at rest; secure authentication with hashed passwords; access controls limiting data access to authorized personnel; regular security assessments and vulnerability testing; and incident response procedures. While we strive to protect your information, no security system is impenetrable. In the event of a data breach that poses a risk to your rights, we will notify you and applicable authorities in accordance with applicable law.
11. Third-Party Services
The App integrates the following third-party services, each processing data only for the stated purpose and under strict data processing agreements:
- Supabase (supabase.com): Cloud infrastructure provider for database, authentication, file storage, and backend functions. All user data, vehicle records, and uploaded documents are stored on Supabase servers.
- Google AI — Gemini (ai.google.dev): AI model provider for vehicle health analysis, chat assistance, document scanning, and predictive maintenance. Data is sent only when you explicitly use AI-powered features. Your data is not used to train Google's AI models.
- PostHog (posthog.com): Product analytics platform. Collects in-app events, screen views, and feature usage linked to your user ID to help us understand and improve the app.
- Sentry (sentry.io): Crash reporting and error monitoring. Captures application errors with user ID, email, device information, and app state to help us diagnose and fix issues.
- RevenueCat (revenuecat.com): Subscription management platform. Receives your user ID and subscription status from the Apple App Store or Google Play to manage entitlements and premium features.
- Apple App Store / Google Play: Process subscription payments and manage in-app purchases. Their use of your data is governed by Apple's and Google's respective privacy policies.
We are not responsible for the privacy practices of third-party services. We encourage you to review the privacy policies of each provider listed above.
12. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. Where required by applicable law including GDPR, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission. For users in Mexico, transfers outside Mexico comply with LFPDPPP requirements and are subject to contractual data protection obligations.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through in-app notifications or email at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance. If you do not agree to the changes, you should stop using the Service and delete your account before the effective date.
14. Contact and Complaints
If you have questions, concerns, or requests regarding this Privacy Policy, please contact our Privacy Team:
Kardex App - Privacy Team
EEA users may also lodge a complaint with their local supervisory authority. Mexican users may contact the INAI (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) at www.inai.org.mx.